Commit graph

218 commits

Author SHA1 Message Date
nia
ce478676af *: Remove dodgy hacks for NetBSD versions older than 5. 2022-05-10 11:50:54 +00:00
adam
b6d9bd86bc revbump for icu and libffi 2021-12-08 16:01:42 +00:00
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
nia
7449ba64ed gnupg: asm is unsafe for MKPIE on i386 2021-09-30 11:17:10 +00:00
adam
5e7c36d9d2 revbump for boost-libs 2021-09-29 19:00:02 +00:00
adam
da0a125726 revbump for boost-libs 2021-04-21 13:24:06 +00:00
gdt
51dd4c515f devel/gnupg: Stop installing gpgsplit, because it conflicts with gnupg2
gpgsplit has been installed by gnupg(1) since 2002.  gpgsplit has also
been in tools/ within gnupg-2, but upstream recently moved it from
noinst_PROGRAMS to bin_PROGRAMS without noting this in NEWS.

Because gnugp2 is normal and gnupg remains for special cases, simply
drop gpgsplit from gnupg; we have no intent to save people from
installing gnupg2 -- only to continue to allow them to use the old gpg
binary for special uses.
2020-09-07 13:08:28 +00:00
adam
d62c903eea revbump after updating security/nettle 2020-05-22 10:55:42 +00:00
adam
7d4b705c63 revbump after boost update 2020-05-06 14:04:05 +00:00
wiz
f669fda471 *: recursive bump for libffi 2020-03-08 16:47:24 +00:00
rillig
9637f7852e all: migrate homepages from http to https
pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
2020-01-26 17:30:40 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
ryoon
eedd1e806f *: Recursive revbump from devel/boost-libs 2020-01-12 20:19:52 +00:00
ryoon
edacf2bbcb Recursive revbump from boost-1.71.0 2019-08-22 12:22:48 +00:00
wiz
c30c5fbc0b *: recursive bump for nettle 3.5.1 2019-07-20 22:45:58 +00:00
ryoon
57d0806c39 Recursive revbump from boost-1.70.0 2019-07-01 04:07:44 +00:00
adam
5b12b7b592 revbump for boost 1.69.0 2018-12-13 19:51:31 +00:00
adam
9d06c0a472 revbump after boost-libs update 2018-08-16 18:54:26 +00:00
tez
bde3bb0adc gnupg: update to 1.4.23
Fixes CVE-2017-7526

Updates since 1.4.22:

2018-06-11  Werner Koch  <wk@gnupg.org>

        Release 1.4.23.
        + commit 8ae6a246bef5b5eb0684e9fb1c933a4f8441dadd


2018-06-08  Werner Koch  <wk@gnupg.org>

        gpg: Sanitize diagnostic with the original file name.
        + commit 2326851c60793653069494379b16d84e4c10a0ac
        * g10/mainproc.c (proc_plaintext): Sanitize verbose output.

2018-04-13  NIIBE Yutaka  <gniibe@fsij.org>

        g10: Push compress filter only if compressed.
        + commit 0f8fd95ab32a6d29dac79e19f0850037c7d0c16f
        * g10/compress.c (handle_compressed): Fix memory leak.

2017-12-18  NIIBE Yutaka  <gniibe@fsij.org>

        po: Update Japanese translation.
        + commit 1338bce5f66a95b53f18c4b54f0e9ac79604500a
        * po/ja.po: Fix message with no "%s".

2017-12-04  NIIBE Yutaka  <gniibe@fsij.org>
            Damien Goutte-Gattat  <dgouttegattat@incenp.org>

        g10: Fix regexp sanitization.
        + commit 9441946e1824eb58249c58432ed1f554d0d8a102
        * g10/trustdb.c (sanitize_regexp): Only escape operators.

2017-11-10  Dario Niedermann  <dario@darioniedermann.it>

        Do not use C99 feature.
        + commit 877e3073d731fec55a88673f91ed646a75e786c8
        * cipher/rsa.c (secret): Move var decl to the beginning.

2017-09-06  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

        po: update Dutch translation.
        + commit aa26eda8ab679a80a7be2c82478cb4440b45ec8c


2017-08-04  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>

        doc: Remove documentation for future option --faked-system-time.
        + commit eb15d5ed8e4a765998e9de7698bdc65328bcaaa3
        doc/gpg.texi: Remove documentation for --faked-system-time.

2017-08-02  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

        debian: Remove packaging from upstream repository.
        + commit 9832a4bacfa5232534f2c7fe7655bd0677a41f6e
        Debian packaging for GnuPG is handled in debian git repositories, and
        doesn't belong here in the upstream repository.  The packaging was
        significantly out of date anyway.

        If you're looking for debian packaging for the 1.4 branch of GnuPG,
        please use the following git remote:

            https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git

2017-08-02  Joe Hansen  <joedalton2@yahoo.dk>

        po: Update Danish translation.
        + commit 12afc37a946477692257d725acac513f271c4e9e
        Originally reported at:
        http://lists.gnupg.org/pipermail/gnupg-i18n/2014-November/000308.html

2017-08-02  Frans Spiesschaert  <Frans.Spiesschaert@yucom.be>

        po: Update Dutch translation.
        + commit 6d5c5204d79fa9d01981c0076d3acde18534640a
        Debian-Bug-Id: 845695

2017-08-01  Manuel Venturi Porras Peralta  <venturi@openmailbox.org>

        po: Update Spanish translation.
        + commit 76239356bcb3bfeec5327637ed87429594868fef
        Debian-Bug-Id: 814541
2018-06-15 21:51:23 +00:00
adam
35aa3efc12 revbump for boost-libs update 2018-04-29 21:31:17 +00:00
wiz
f367007762 *: gd.tuwien.ac.at/ftp.tuwien.ac.at is gone, remove it from various mastersites 2018-04-21 13:38:04 +00:00
maya
e48d11bf83 Remove traces of crypto restrictions from packages.
ok for idea riastradh.
2018-01-02 05:37:22 +00:00
adam
983847f667 Revbump after boost update 2018-01-01 21:18:06 +00:00
adam
931d707fe2 Revbump for boost update 2017-08-24 20:03:08 +00:00
wiz
9a71af9558 Updated gnupg to 1.4.22.
Noteworthy changes in version 1.4.22 (2017-07-19)
-------------------------------------------------

 * Mitigate a flush+reload side-channel attack on RSA secret keys
   dubbed "Sliding right into disaster".  For details see
   <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

 * Fix some minor bugs.
2017-08-14 20:12:00 +00:00
ryoon
76884737ca Recursive revbump from boost update 2017-04-30 01:21:19 +00:00
agc
30b55df38e Convert all occurrences (353 by my count) of
MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
2017-01-19 18:52:01 +00:00
adam
76632718ac Revbump after boost update 2017-01-01 16:05:55 +00:00
adam
3b88bd43a5 Revbump post boost update 2016-10-07 18:25:29 +00:00
maya
fa4b62bdea Update gnupg to 1.4.21
Changelog:
2016-08-17  Werner Koch  <wk@gnupg.org>

	Release 1.4.21.

	gpg: Add dummy option --with-subkey-fingerprint.
	* g10/gpg.c (opts): Add dummy option.

	build: Create a swdb file during "make distcheck".
	* Makefile.am (distcheck-hook): New.

2016-08-17  Ineiev  <ineiev@gnu.org>

	po: Update Russian translation.

2016-08-17  Werner Koch  <wk@gnupg.org>

	random: Hash continuous areas in the csprng pool.
	* cipher/random.c (mix_pool): Store the first hash at the end of the
	pool.

	cipher: Improve readability by using a macro.
	* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	gpg: Avoid publishing the GnuPG version by default.
	* g10/gpg.c (main): initialize opt.emit_version to 0
	* doc/gpg.texi: document different default for --emit-version

2016-08-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

	Clean up "allow to"
	* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
	  "allow to" with clearer text

	In standard English, the normal construction is "${XXX} allows ${YYY}
	to" -- that is, the subject (${XXX}) of the sentence is allowing the
	object (${YYY}) to do something.  When the object is missing, the
	phrasing sounds awkward, even if the object is implied by context.
	There's almost always a better construction that isn't as awkward.

	These changes should make the language a bit clearer.

	Fix spelling: "occured" should be "occurred"
	* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
	  util/regcomp.c, util/regex_internal.c: correct the spelling of
	  "occured" to "occurred"

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix checking key for signature validation.
	* g10/sig-check.c (signature_check2): Not only subkey, but also primary
	key should have flags.valid=1.

2016-08-03  Justus Winter  <justus@g10code.com>

	Partially revert "g10: Fix another race condition for trustdb access."
	This amends db246f8b which accidentally included the compiled
	translation files.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

	gpgv: Tweak default options for extra security.
	* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
	cached status.  Similarly, set opt.flags.require_cross_cert for backsig
	validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix keysize with --expert.
	* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix --list-packets.
	* g10/gpg.c (main): Call set_packet_list_mode after assignment of
	opt.list_packets.
	* g10/mainproc.c (do_proc_packets): Don't stop processing with
	--list-packets as the comment says.
	* g10/options.h (list_packets): Fix the comment.
	* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

	g10: Fix another race condition for trustdb access.
	* g10/tdbio.c (create_version_record): Call create_hashtable to always
	make hashtable, together with the version record.
	(get_trusthashrec): Remove call to create_hashtable.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Make sure to have the directory for trustdb.
	* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
	the directory and create it if none before calling take_write_lock.

2016-02-01  Werner Koch  <wk@gnupg.org>

	Fix possible sign extension problem with newer compilers.
	* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
	* cipher/blowfish.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	* cipher/camellia.c (CAMELLIA_RR8): Ditto.
	* cipher/cast5.c (do_encrypt_block): Ditto.
	(do_decrypt_block): Ditto.
	(do_cast_setkey): Ditto.
	* cipher/twofish.c (INPACK): Ditto.
	* util/iobuf.c (block_filter): Ditto.

2016-01-26  NIIBE Yutaka  <gniibe@fsij.org>

	g10: Fix iobuf API of filter function for alignment.
	* include/iobuf.h (struct iobuf_struct): Remove DESC.
	* util/iobuf.c (iobuf_desc): New.
	(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
	(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
	(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
	(file_filter, sock_filter, block_filter): Fill the description.
	* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
	g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
	g10/progress.c, g10/textfilter.c: Likewise.

2016-01-15  Werner Koch  <wk@gnupg.org>

	Fix possible AIX problem with sysconf in rndunix.
	* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
	(start_gatherer): Detect misbehaving sysconf.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix to support git worktree.
	* Makefile.am: Use -e for testing .git.

2015-12-21  NIIBE Yutaka  <gniibe@fsij.org>

	po: Update Japanese translation.
2016-08-17 23:05:19 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
wiz
9865b5c5af Drop maintainership. 2016-02-24 13:01:21 +00:00
zafer
734cd030aa remove one dead mirror (not resolved) 2016-01-22 08:39:51 +00:00
ryoon
d31773c16f Update to 1.4.20
Changelog:
Noteworthy changes in version 1.4.20 (2015-12-20)
-------------------------------------------------

 * Reject signatures made using the MD5 hash algorithm unless the
   new option --allow-weak-digest-algos or --pgp2 are given.

 * New option --weak-digest to specify hash algorithms which
   should be considered weak.

 * Changed default cipher for symmetric-only encryption to AES-128.

 * Fix for DoS when importing certain garbled secret keys.

 * Improved error reporting for secret subkey w/o corresponding public
   subkey.

 * Improved error reporting in decryption due to wrong algorithm.

 * Fix cluttering of stdout with trustdb info in double verbose mode.

 * Pass a DBUS envvar to gpg-agent for use by gnome-keyring.
2015-12-22 20:55:41 +00:00
wiz
fc431174ba Bump PKGREVISION. 2015-11-16 10:33:35 +00:00
wiz
81c4cdc960 Remove annoying left-over debug message.
From upstream via Petar Bogdanovic on pkgsrc-users.

Bump PKGREVISION.
2015-11-16 10:33:20 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
wiz
3ca6fa4811 Update to 1.4.19:
Noteworthy changes in version 1.4.19 (2015-02-27)
-------------------------------------------------

 * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
   See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

 * Fixed data-dependent timing variations in modular exponentiation
   [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
   are Practical].

 * Detect faulty use of --verify on detached signatures.

 * Changed the PKA method to use CERT records and hashed names.

 * New import option "keep-ownertrust".

 * Support algorithm names when generating keys using the --command-fd
   method.

 * Updated many translations.

 * Updated build system.

 * Fixed a regression in keyserver import

 * Fixed argument parsing for option --debug-level.

 * Fixed DoS based on bogus and overlong key packets.

 * Fixed bugs related to bogus keyrings.

 * The usual minor minor bug fixes.
2015-02-28 00:13:25 +00:00
wiz
cda18437be Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
wiz
7934c72e83 Update to 1.4.18:
Noteworthy changes in version 1.4.18 (2014-06-30)
-------------------------------------------------

 * Fix a regression in 1.4.17 if more than one keyid is given
   to --recv-keys et al.

 * Cap RSA and Elgamal keysize at 4096 bit also for unattended key
   generation.
2014-07-22 11:24:29 +00:00
wiz
33a6bffd05 Update to 1.4.17 due to security fix:
Noteworthy changes in version 1.4.17 (2014-06-23)
-------------------------------------------------

 * Avoid DoS due to garbled compressed data packets.

 * Screen keyserver reponses to avoid import of unwanted keys by rogue
   servers.

 * Add hash algorithms to the "sig" records of the colon output.

 * More specific reason codes for INV_RECP status.

 * Fixes for PC/SC access on Apple.

 * Minor bug fixes.
2014-06-24 07:35:10 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
wiz
aa49a5facc Update to 1.4.16:
Noteworthy changes in version 1.4.16 (2013-12-18)
-------------------------------------------------

 * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
   Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
   See <http://www.cs.tau.ac.il/~tromer/acoustic/>.  [CVE-2013-4576]

 * Put only the major version number by default into armored output.

 * Do not create a trustdb file if --trust-model=always is used.

 * Print the keyid for key packets with --list-packets.

 * Changed modular exponentiation algorithm to recover from a small
   performance loss due to a change in 1.4.14.
2013-12-18 18:56:24 +00:00
wiz
6d710fd8b8 Remove obsolete --with-static-rnd=auto as suggested by Andreas Gustafsson
in PR 48345.
2013-10-26 23:30:29 +00:00
wiz
ea7973d54c Update to 1.4.15:
Noteworthy changes in version 1.4.15 (2013-10-04)
-------------------------------------------------

    * Fixed possible infinite recursion in the compressed packet
      parser. [CVE-2013-4402]

    * Protect against rogue keyservers sending secret keys.

    * Use 2048 bit also as default for batch key generation.

    * Minor bug fixes.
2013-10-05 13:19:51 +00:00
wiz
57a5404b0c Update to 1.4.14:
Noteworthy changes in version 1.4.14 (2013-07-25)
-------------------------------------------------

    * Mitigate the Yarom/Falkner flush+reload side-channel attack on
      RSA secret keys.  See <http://eprint.iacr.org/2013/448>.

    * Fixed IDEA for big-endian CPUs

    * Improved the diagnostics for failed keyserver lockups.

    * Minor bug and portability fixes.
2013-07-25 11:50:45 +00:00
ryoon
f8e628f818 * .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes
are replaced with .include "../../devel/readline/buildlink3.mk", and
  USE_GNU_READLINE are removed,

* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
  are replaced with .include "../../mk/readline.buildlink3.mk".
2013-07-15 02:02:17 +00:00
riastradh
e6111ac745 Fix cross-build of gnupg with CC_FOR_BUILD=NATIVE_CC. 2013-05-10 20:18:39 +00:00
wiz
fbe27aee2e Remove obsolete sentence about idea. 2013-02-09 15:49:55 +00:00